Merge pull request #7991 from cormacpayne/graph-transfer

Remove Resources dependency on common Graph.RBAC library and use SDK instead

Author: markcowl

src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.Netcore.csproj

@@ -24,6 +24,7 @@
   </PropertyGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' != 'net472'">
+    <PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.5.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.Authorization" Version="2.8.1-preview" />
     <PackageReference Include="Microsoft.Azure.Management.ManagementGroups" Version="1.1.1-preview" />
   </ItemGroup>

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.cs

@@ -13,8 +13,8 @@
 // ----------------------------------------------------------------------------------
 
 using System.Reflection;
-using Microsoft.Azure.Graph.RBAC.Version1_6;
-using Microsoft.Azure.Graph.RBAC.Version1_6.Models;
+using Microsoft.Azure.Graph.RBAC;
+using Microsoft.Azure.Graph.RBAC.Models;
 using Microsoft.Azure.ServiceManagemenet.Common.Models;
 using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
 using Microsoft.WindowsAzure.Commands.ScenarioTest;

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/Common.ps1

@@ -66,7 +66,7 @@ function New-AzureRmRoleAssignmentWithId
 {
     [CmdletBinding()]
     param(
-        [Guid]   [Parameter()] [alias("Id", "PrincipalId")] $ObjectId,
+        [string] [Parameter()] [alias("Id", "PrincipalId")] $ObjectId,
         [string] [Parameter()] [alias("Email", "UserPrincipalName")] $SignInName,
         [string] [Parameter()] [alias("SPN", "ServicePrincipalName")] $ApplicationId,
         [string] [Parameter()] $ResourceGroupName,
@@ -85,7 +85,7 @@ function New-AzureRmRoleAssignmentWithId
     $cmdlet.DefaultProfile = $profile
 	$cmdlet.CommandRuntime = $PSCmdlet.CommandRuntime
 
-    if ($ObjectId -ne $null -and $ObjectId -ne [System.Guid]::Empty)
+    if (-not ([string]::IsNullOrEmpty($ObjectId)))
     {
         $cmdlet.ObjectId = $ObjectId
     }

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ResourcesController.cs

@@ -25,7 +25,7 @@
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components;
 using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Extensions;
-using Microsoft.Azure.Graph.RBAC.Version1_6;
+using Microsoft.Azure.Graph.RBAC;
 using Microsoft.Azure.Management.Authorization;
 using Microsoft.Azure.Management.ManagementGroups;
 using Microsoft.Azure.Management.ResourceManager;

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/RoleAssignmentTests.cs

@@ -13,8 +13,8 @@
 // ----------------------------------------------------------------------------------
 
 
-using Microsoft.Azure.Graph.RBAC.Version1_6;
-using Microsoft.Azure.Graph.RBAC.Version1_6.Models;
+using Microsoft.Azure.Graph.RBAC;
+using Microsoft.Azure.Graph.RBAC.Models;
 using Microsoft.Azure.Management.Authorization;
 using Microsoft.Azure.Management.ResourceManager;
 using Microsoft.Azure.Management.ResourceManager.Models;

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/RoleAssignmentTests.ps1

@@ -112,7 +112,7 @@ function Test-RaDeleteByPSRoleAssignment
 
     # Test
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -Scope $scope `
                         -RoleAssignmentId c7acc224-7df3-461a-8640-85d7bd15b5da
@@ -140,7 +140,7 @@ function Test-RaByScope
 
     # Test
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -Scope $assignmentScope `
                         -RoleAssignmentId 54e1188f-65ba-4b58-9bc3-a252adedcc7b
@@ -174,7 +174,7 @@ function Test-RaById
 
     # Test
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -Scope $assignmentScope `
                         -RoleAssignmentId 93cb604e-14dc-426b-834e-bf7bb3826cbc
@@ -210,7 +210,7 @@ function Test-RaByResourceGroup
 
     # Test
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -ResourceGroupName $resourceGroups[0].ResourceGroupName `
                         -RoleAssignmentId 8748e3e7-2cc7-41a9-81ed-b704b6d328a5
@@ -243,7 +243,7 @@ function Test-RaByResource
 
     # Test
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $groups[0].Id.Guid `
+                        -ObjectId $groups[0].Id `
                         -RoleDefinitionName $definitionName `
                         -ResourceGroupName $resource.ResourceGroupName `
                         -ResourceType $resource.ResourceType `
@@ -280,23 +280,23 @@ function Test-RaValidateInputParameters ($cmdName)
     # Check if Scope is valid.
     $scope = "/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/Should be 'ResourceGroups'/any group name"
     $invalidScope = "Scope '/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/Should be 'ResourceGroups'/any group name' should begin with '/subscriptions/<subid>/resourceGroups'."
-    Assert-Throws { invoke-expression ($cmdName + " -Scope `"" + $scope  + "`" -ObjectId " + $groups[0].Id.Guid + " -RoleDefinitionName " + $definitionName) } $invalidScope
+    Assert-Throws { invoke-expression ($cmdName + " -Scope `"" + $scope  + "`" -ObjectId " + $groups[0].Id + " -RoleDefinitionName " + $definitionName) } $invalidScope
 
     $scope = "/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/ResourceGroups"
     $invalidScope = "Scope '/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/ResourceGroups' should have even number of parts."
-    Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id.Guid -RoleDefinitionName $definitionName } $invalidScope
+    Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id -RoleDefinitionName $definitionName } $invalidScope
 
     $scope = "/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/ResourceGroups/"
     $invalidScope = "Scope '/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/ResourceGroups' should have even number of parts."
-    Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id.Guid -RoleDefinitionName $definitionName } $invalidScope
+    Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id -RoleDefinitionName $definitionName } $invalidScope
 
     $scope = "/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/ResourceGroups/groupname/Should be 'Providers'/any provider name"
     $invalidScope = "Scope '/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/ResourceGroups/groupname/Should be 'Providers'/any provider name' should begin with '/subscriptions/<subid>/resourceGroups/<groupname>/providers'."
-    Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id.Guid -RoleDefinitionName $definitionName } $invalidScope
+    Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id -RoleDefinitionName $definitionName } $invalidScope
 
     $scope = "/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/ResourceGroups/groupname/Providers/providername"
     $invalidScope = "Scope '/subscriptions/e9ee799d-6ab2-4084-b952-e7c86344bbab/ResourceGroups/groupname/Providers/providername' should have at least one pair of resource type and resource name. e.g. '/subscriptions/<subid>/resourceGroups/<groupname>/providers/<providername>/<resourcetype>/<resourcename>'."
-    Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id.Guid -RoleDefinitionName $definitionName } $invalidScope
+    Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id -RoleDefinitionName $definitionName } $invalidScope
 
     # Check if ResourceType is valid
     Assert-AreEqual $resource.ResourceType "Microsoft.Web/sites"
@@ -305,7 +305,7 @@ function Test-RaValidateInputParameters ($cmdName)
     $resource.ResourceType = "Microsoft.KeyVault/"
     $invalidResourceType = "Scope '/subscriptions/"+$subscription.Id+"/resourceGroups/"+$resource.ResourceGroupName+"/providers/Microsoft.KeyVault/"+$resource.Name+"' should have even number of parts."
     Assert-Throws { &$cmdName `
-                        -ObjectId $groups[0].Id.Guid `
+                        -ObjectId $groups[0].Id `
                         -RoleDefinitionName $definitionName `
                         -ResourceGroupName $resource.ResourceGroupName `
                         -ResourceType $resource.ResourceType `
@@ -455,7 +455,7 @@ function Test-RaDeletionByScope
 
     # Test
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -Scope $scope `
                         -RoleAssignmentId 238799bf-1593-45d7-a90d-f3edbceb3bc7
@@ -489,7 +489,7 @@ function Test-RaDeletionByScopeAtRootScope
 
     # Test
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -Scope $scope `
                         -RoleAssignmentId f3c560f8-afaa-4263-b1d7-e34e0ab49fc7
@@ -528,12 +528,12 @@ function Test-RaPropertiesValidation
     $rd = Get-AzureRmRoleDefinition -Name "Custom Reader Properties Test"
 
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $roleDef.Name `
                         -Scope $scope `
                         -RoleAssignmentId 584d33a3-b14d-4eb4-863e-0df67b178389
 
-    $assignments = Get-AzureRmRoleAssignment -ObjectId $users[0].Id.Guid
+    $assignments = Get-AzureRmRoleAssignment -ObjectId $users[0].Id
     Assert-NotNull $assignments
 
     foreach ($assignment in $assignments){
@@ -570,7 +570,7 @@ function Test-RaDelegation
 
     # Test
     $newAssignment = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -Scope $assignmentScope `
                         -AllowDelegation `
@@ -606,18 +606,18 @@ function Test-RaGetByScope
 
     # Test
     $newAssignment1 = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -Scope $scope1 `
                         -RoleAssignmentId 08fe91d5-b917-4d76-81d7-581ff5a99cab
 
     $newAssignment2 = New-AzureRmRoleAssignmentWithId `
-                        -ObjectId $users[0].Id.Guid `
+                        -ObjectId $users[0].Id `
                         -RoleDefinitionName $definitionName `
                         -Scope $scope2 `
                         -RoleAssignmentId fa1a4d3b-2cca-406b-8956-6b6b32377641
 
-    $ras = Get-AzureRmRoleAssignment -ObjectId $users[0].Id.Guid `
+    $ras = Get-AzureRmRoleAssignment -ObjectId $users[0].Id `
             -RoleDefinitionName $definitionName `
             -Scope $scope1
 
@@ -664,7 +664,7 @@ function DeleteRoleAssignment
 {
     param([Parameter(Mandatory=$true)] [object] $roleAssignment)
 
-    Remove-AzureRmRoleAssignment -ObjectId $roleAssignment.ObjectId.Guid `
+    Remove-AzureRmRoleAssignment -ObjectId $roleAssignment.ObjectId `
                                -Scope $roleAssignment.Scope `
                                -RoleDefinitionName $roleAssignment.RoleDefinitionName
 }
@@ -677,7 +677,7 @@ function VerifyRoleAssignmentDeleted
 {
     param([Parameter(Mandatory=$true)] [object] $roleAssignment)
 
-    $deletedRoleAssignment = Get-AzureRmRoleAssignment -ObjectId $roleAssignment.ObjectId.Guid `
+    $deletedRoleAssignment = Get-AzureRmRoleAssignment -ObjectId $roleAssignment.ObjectId `
                                                      -Scope $roleAssignment.Scope `
                                                      -RoleDefinitionName $roleAssignment.RoleDefinitionName  | where {$_.roleAssignmentId -eq $roleAssignment.roleAssignmentId}
     Assert-Null $deletedRoleAssignment

src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/Cmdlets/ActiveDirectoryBaseCmdlet.cs

@@ -0,0 +1,115 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ResourceManager.Common;
+using Microsoft.Azure.Graph.RBAC.Models;
+using System;
+using System.Management.Automation;
+using System.Net;
+using ProjectResources = Microsoft.Azure.Commands.Resources.Properties.Resources;
+
+namespace Microsoft.Azure.Commands.ActiveDirectory
+{
+    public abstract class ActiveDirectoryBaseCmdlet : AzureRMCmdlet
+    {
+        private ActiveDirectoryClient _activeDirectoryClient;
+
+        public ActiveDirectoryClient ActiveDirectoryClient
+        {
+            get
+            {
+                if (_activeDirectoryClient == null)
+                {
+                    _activeDirectoryClient = new ActiveDirectoryClient(DefaultProfile.DefaultContext);
+                }
+
+                return _activeDirectoryClient;
+            }
+
+            set { _activeDirectoryClient = value; }
+        }
+
+        /// <summary>
+        /// Handles graph exceptions thrown by client
+        /// </summary>
+        /// <param name="exception"></param>
+        private void HandleException(Exception exception)
+        {
+            Exception targetEx = exception;
+            string targetErrorId = String.Empty;
+            ErrorCategory targetErrorCategory = ErrorCategory.NotSpecified;
+            var graphEx = exception as GraphErrorException;
+
+            if (graphEx == null)
+            {
+                throw exception;
+            }
+
+            if (graphEx.Body != null && graphEx.Body.Message != null && graphEx.Body.Code != null)
+            {
+                WriteDebug(String.Format(ProjectResources.GraphException, graphEx.Body.Code, graphEx.Body.Message));
+                targetEx = new Exception(graphEx.Body.Message);
+                targetErrorId = graphEx.Body.Code;
+            }
+            else
+            {
+                if (graphEx.Response != null && graphEx.Response.StatusCode == HttpStatusCode.NotFound)
+                {
+                    targetErrorCategory = ErrorCategory.InvalidArgument;
+                }
+                else
+                {
+                    targetErrorCategory = ErrorCategory.InvalidOperation;
+                }
+
+                Exception parsedException = ParseResponse(graphEx);
+                targetEx = parsedException ?? targetEx;
+            }
+
+            var errorRecord = new ErrorRecord(targetEx, targetErrorId, targetErrorCategory, null);
+            WriteError(errorRecord);
+        }
+
+
+        private Exception ParseResponse(GraphErrorException graphEx)
+        {
+            if (graphEx?.Response?.Content != null)
+            {
+                int exceptionMessageIndex = graphEx.Response.Content.IndexOf("\"value\":", StringComparison.CurrentCultureIgnoreCase);
+                if (exceptionMessageIndex > 0)
+                {
+                    string substring = graphEx.Response.Content.Substring(exceptionMessageIndex + 9);
+                    // the start index is added 9, so as to remove the delimiter \"value\":\
+                    string exceptionDetails = substring.Substring(0, substring.IndexOf("\"}"));
+                    return new Exception(exceptionDetails);
+                }
+            }
+
+            return null;
+        }
+
+        protected void ExecutionBlock(Action execAction)
+        {
+            try
+            {
+                execAction();
+            }
+            catch (Exception exception)
+            {
+                WriteDebug(String.Format(ProjectResources.ExceptionInExecution, exception.GetType()));
+                HandleException(exception);
+            }
+        }
+    }
+}

src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/AddAzureADGroupMemberCommand.cs renamed to src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/Cmdlets/AddAzureADGroupMemberCommand.cs

@@ -13,12 +13,10 @@
 // ----------------------------------------------------------------------------------
 
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
-using Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory;
-using Microsoft.Azure.Graph.RBAC.Version1_6.Models;
+using Microsoft.Azure.Graph.RBAC.Models;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Management.Automation;
 
 namespace Microsoft.Azure.Commands.ActiveDirectory
@@ -33,7 +31,7 @@ public class AddAzureADGroupMemberCommand : ActiveDirectoryBaseCmdlet
         [Parameter(Mandatory = true, ParameterSetName = ParameterSet.MemberObjectIdWithGroupObject, HelpMessage = "The object id of the member(s) to add to the group.")]
         [Parameter(Mandatory = true, ParameterSetName = ParameterSet.MemberObjectIdWithGroupObjectId, HelpMessage = "The object id of the member(s) to add to the group.")]
         [ValidateNotNullOrEmpty]
-        public Guid[] MemberObjectId { get; set; }
+        public string[] MemberObjectId { get; set; }
 
         [Parameter(Mandatory = true, ParameterSetName = ParameterSet.MemberUPNWithGroupDisplayName, HelpMessage = "The UPN of the member(s) to add to the group.")]
         [Parameter(Mandatory = true, ParameterSetName = ParameterSet.MemberUPNWithGroupObject, HelpMessage = "The UPN of the member(s) to add to the group.")]
@@ -43,7 +41,7 @@ public class AddAzureADGroupMemberCommand : ActiveDirectoryBaseCmdlet
         [Parameter(Mandatory = true, ParameterSetName = ParameterSet.MemberObjectIdWithGroupObjectId, HelpMessage = "The object id of the group to add the member(s) to.")]
         [Parameter(Mandatory = true, ParameterSetName = ParameterSet.MemberUPNWithGroupObjectId, HelpMessage = "The object id of the group to add the member(s) to.")]
         [ValidateNotNullOrEmpty]
-        public Guid TargetGroupObjectId { get; set; }
+        public string TargetGroupObjectId { get; set; }
 
         [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = ParameterSet.MemberObjectIdWithGroupObject, HelpMessage = "The object representation of the group to add the member(s) to.")]
         [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = ParameterSet.MemberUPNWithGroupObject, HelpMessage = "The object representation of the group to add the member(s) to.")]
@@ -73,7 +71,7 @@ public override void ExecuteCmdlet()
 
                 if (this.IsParameterBound(c => c.MemberUserPrincipalName))
                 {
-                    var memberObjectId = new List<Guid>();
+                    var memberObjectId = new List<string>();
                     foreach (var memberUPN in MemberUserPrincipalName)
                     {
                         memberObjectId.Add(ActiveDirectoryClient.GetObjectIdFromUPN(memberUPN));